where does feed / signature validation take place when calling feed.append()?

[alexpmorris]

I recently did a test changing feed.secretKey after a few calls to feed.append(), then called feed.append() again. I expected the call to fail. However, it went through without a problem. If I manually called feed.verify() after that, only then did I receive a "Signature verification failed" error:

> await feed.verify(feed.length-1, feed._storage.signatures.toBuffer().slice(-64))
Uncaught Error: Signature verification failed

There was no replication or persistence with this test feed, so maybe that's part of the problem, as I don't expect it would be that easy to potentially corrupt a propagated feed.

But it also seems that by default, performing this sort of action using a key that doesn't match prior transactions should throw an error.

Appreciate any additional insight on this issue.

[alexpmorris]

I believe I found the answer, so closing this ticket. It seems anyone can append(), but if the invalid feed is propagated to another node, it would reject the tampered feed in _verifyAndWrite() -> _verifyRootsAndWrite(), thus throwing the exception Remote signature could not be verified.

[RangerMauve]

Glad you found an answer! For future reference, it might be good to post issues related to hypercore's internals to the hypercore repo